In Brief
- SwapNet exploit drains $16.8M after users disabled one-time approval protections.
- Attacker swapped $10.5M USDC to ETH on Base before bridging to Ethereum.
- Matcha Meta disables affected contracts as security firms flag wider DeFi risks.
A security breach linked to SwapNet led to losses of about $16.8 million, affecting users interacting through Matcha Meta. The incident mainly impacted users who disabled one-time approvals, thereby exposing persistent token permissions.
Blockchain security firm PeckShieldAlert identified the exploit and traced the initial fund movements. The attacker targeted SwapNet router contracts that retained unlimited approvals from affected user wallets.
On the Base network, the attacker exchanged roughly $10.5 million in USDC for about 3,655 ether. Soon after, the attacker began bridging the converted assets to the Ethereum mainnet to complicate tracking.
SwapNet operates as a liquidity router used by Matcha Meta to source pricing and deep liquidity. The exploit involved abusing existing approvals rather than breaching private keys or core infrastructure.
Matcha Meta, built by the 0x team, confirmed the issue and immediately disabled affected SwapNet contracts. The platform also removed the option allowing users to grant direct approvals to third-party aggregators.
Investigation Expands as Security Firms Flag Wider Risks
Further analysis suggested the exploit stemmed from an arbitrary call vulnerability within SwapNet contracts. This flaw allowed attackers to transfer approved tokens without requesting new permissions.
Security firm BlockSec reported that multiple contracts across chains suffered losses exceeding $17 million. Affected networks included Ethereum, Arbitrum, Base, and BNB Chain, increasing the incident’s scope.
Separately, CertiK estimated that stolen funds near $13.3 million in USDC from related activity.
Some contracts involved remained closed-source and unverified at deployment.
Matcha Meta later confirmed that 0x core contracts were not affected by the incident.
Users relying on one-time approvals through 0x infrastructure remained unaffected.
The incident renewed scrutiny around persistent token approvals in decentralized finance.
Unlimited permissions offer convenience but increase exposure during smart contract failures.
Meanwhile, on-chain investigator ZachXBT criticized Circle’s delayed response to freeze remaining USDC. Roughly $3 million reportedly remained at addresses eligible for freezing during the response window.
The breach adds to a growing list of DeFi security failures early in 2026. Industry data shows stolen crypto funds reached record levels in recent years, increasing pressure on protocol security practices.
|
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Blockfills Files for Chapter 11 Bankruptcy Following Month-Long Liquidity Freeze
Blockfills has filed for voluntary Chapter 11 bankruptcy protection on March 15, 2026, after pausing deposits and withdrawals over financial concerns since Feb. 11.
A Protracted Liquidity Crisis
Institutional cryptocurrency trading firm Blockfills has officially filed for voluntary Chapter 11 ban
Coinpedia1h ago
South Korea FIU Fines Certain CEX Approximately $24.6 Million and Suspends Operations Partially for 6 Months
South Korea's financial intelligence unit imposed a 6-month partial shutdown and a 368 billion won fine on a certain CEX for violating anti-money laundering obligations. The inspection found numerous regulatory violations and customer identification issues. During this period, existing user transactions were not affected, but virtual asset transfers for new users were restricted.
GateNews7h ago
Crypto Trading Firm BlockFills Seeks Chapter 11 Protection
BlockFills filed Chapter 11 after reporting $50–$100M in assets against $100–$500M in liabilities.
The firm suspended client withdrawals in February as liquidity pressures and a $75M loss emerged.
A Dominion Capital lawsuit alleging asset misappropriation led to a court order freezing
CryptoFrontNews8h ago
South Korean Court Rejects Flow Foundation's Request to Stop Three Exchanges from Delisting FLOW
The Seoul Central District Court in South Korea rejected a motion for a preliminary injunction filed by the Flow Foundation and Dapper Labs against three exchanges, supporting their termination of FLOW trading. The court determined that there was insufficient evidence and prioritized investor protection. FLOW remains tradable on Korbit, but has been delisted from the other three exchanges.
GateNews9h ago
Institutional Crypto Lender BlockFills Files Chapter 11 in Delaware
Institutional crypto trading and lending firm BlockFills has filed for Chapter 11 bankruptcy protection in the United States, marking the latest setback for the digital asset lending sector after weeks of operational turmoil.
In a statement shared on X on March 16, the company said that after
TodayqNews9h ago
BlockFills Files Chapter 11 Bankruptcy With Liabilities Up to $500 Million
Chicago-based cryptocurrency trading company BlockFills and its parent company Reliz Ltd. recently filed for Chapter 11 bankruptcy protection with U.S. courts due to ongoing financial difficulties and liquidity issues. The company's assets are estimated between $50 million and $100 million, while liabilities reach $500 million, indicating severe financial pressure. The company previously suspended customer deposit and withdrawal services due to liquidity shortages and faced court-imposed asset restrictions due to litigation over misappropriation of funds. The bankruptcy filing aims to reorganize cash flows and maintain transparency. This incident highlights structural vulnerabilities in the cryptocurrency lending market.
MarketWhisper10h ago
